WordPress 2.1.1 Dangerous, Upgrade Immediately

I personally noticed that this year spammers are taking a new approach to sending spam; they were able to get past the ‘wall’ and into many inboxes! Last year there was a large number of raids by the FBI and such agencies; they took down a lot of servers and warez groups/communities, but there were still some continued attacks from some hacker/cracker groups. In particular, forums and web applications that had security holes were attacked… It’s a regular story, though.

Then the “kind of thing you pray never happens” happened: WordPress was hacked by a cracker who changed two files in WordPress 2.1.1 and put in some code which would allow for remote PHP execution!

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

The good news is that the WordPress team caught it and fixed it before it was too late… I hope there will be no next time for this kind of situation, at least with WordPress!!